tiennm99/goclaw
1
0
Fork 0
mirror of https://github.com/tiennm99/goclaw.git synced 2026-06-10 10:10:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
510 Commits 1 Branch 0 Tags
4e9f155a4c8ca9400a50cd4fedc90dfd896f4e54
Commit Graph

5 Commits

Author SHA1 Message Date
viettranx bdb60de7ae chore: upgrade Go 1.25 → 1.26 and apply go fix modernizations 
- Update go.mod and Dockerfile to Go 1.26
- Apply `go fix ./...` stdlib modernizations across 170+ files
- Add `go fix` to post-implementation checklist in CLAUDE.md
- Fix go fix misapplied rewrite in loop_history.go
 2026-03-10 00:09:15 +07:00
Nam Nguyen Ngoc b901a82551 fix(security): harden web fetch/search against prompt injection and cache poisoning (#80) 
- Scan web_fetch/web_search tool results for prompt injection patterns via inputGuard
- Strip hidden HTML elements (display:none, aria-hidden, sr-only classes) during conversion
- Scope web tool caches per channel to prevent cross-channel cache poisoning
- Enforce domain blocklist and allowlist checks on HTTP redirect targets
- Add untrusted content reminder to external content wrapper
- Log redirect source URL in fetch results for transparency

Co-authored-by: Nam Nguyen Ngoc <namnn.0911@gmail.com>
 2026-03-07 19:31:56 +07:00
viettranx 7d211fa796 refactor: split 7 large Go files into smaller files per package 
Pure cut-and-paste of functions/methods into separate files within the
same package — no logic changes. Reduces file sizes for readability.

- loop.go (1312→856) → loop_types.go, loop_compact.go, loop_media.go, loop_utils.go
- delegate.go (687→171) → delegate_sync.go, delegate_async.go, delegate_prep.go
- browser.go (605→154) → browser_tabs.go, browser_page.go, browser_remote.go
- teams.go (602→170) → teams_crud.go, teams_members.go
- web_fetch_convert.go (572→176) → web_fetch_convert_handlers.go, web_fetch_convert_utils.go
- resolver.go (543→373) → resolver_helpers.go
- sessions.go (536→157) → sessions_tokens.go, sessions_ops.go, sessions_list.go

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-05 10:47:06 +07:00
viettranx 37158af231 fix(web_fetch): replace regex HTML parsing with DOM-based extraction 
Regex-based htmlToMarkdown/htmlToText leaked CSS, JS, and non-content
elements. Replaced with golang.org/x/net/html DOM parser that extracts
<body> only and skips 16 non-content element types (script, style,
noscript, svg, template, iframe, form, nav, footer, etc.).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-03 17:10:55 +07:00
viettranx 50a90aa8c6 refactor: split large Go files (>350 lines) into smaller same-package files 
Pure file reorganization — no logic changes, no renames, no refactoring.
Functions moved to new files in the same package for maintainability.

Split 13 files across 6 packages into 25 new files:
- store/pg: teams.go → teams_tasks/delegation/messaging.go; mcp_servers.go → mcp_servers_access.go
- tools: delegate.go → delegate_state/policy/events.go; subagent.go → subagent_exec/config.go;
  web_search.go → web_search_brave/ddg.go; web_fetch.go → web_fetch_convert.go;
  sessions.go → sessions_history/send.go
- providers: anthropic.go → anthropic_stream/request.go
- mcp: manager.go → manager_connect/tools/util.go
- channels/feishu: bot.go → bot_parse/policy.go; larkclient.go → larkclient_messaging.go
- cmd: gateway_consumer.go → gateway_cron.go; agent_chat.go → agent_chat_client/standalone.go

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-28 17:27:28 +07:00